System and method to identify a security entity in a computing environment is disclosed. Communication between a user computer and at least one destination computer by a security appliance is monitored by a security appliance. Selective information from the communication is extracted. A primary fingerprint is generated using a subset of the selective information. The generated primary fingerprint is evaluated for a match in an application ID database. When there is a match, corresponding application ID is assigned to the communication, wherein the application ID is associated with an application that generated the communication.
Legal claims defining the scope of protection, as filed with the USPTO.
2. The method of claim 1, wherein the extracted selective information is part of a handshake protocol of a secure communication protocol.
3. The method of claim 1, wherein the communication includes an un-encrypted portion and an encrypted portion and the extracted selective information is part of the un-encrypted portion of the communication.
4. The method of claim 1, wherein the extracted selective information is part of a client hello communication.
5. The method of claim 4, wherein the client hello communication is based on a BoringSSL protocol.
6. The method of claim 5, wherein the extracted selective information is a grease value.
9. The method of claim 1, wherein the communication is a Transport Layer Security (TLS) client hello packet and wherein the first subset of fields excludes TLS conditional extensions.
11. The system of claim 10, wherein the extracted selective information is part of a handshake protocol of a secure communication protocol.
12. The system of claim 10, wherein the communication includes an un-encrypted portion and an encrypted portion and the extracted selective information is part of the un-encrypted portion of the communication.
13. The system of claim 10, wherein the extracted selective information is part of a client hello communication.
14. The system of claim 13, wherein the client hello communication is based on a BoringSSL protocol.
15. The system of claim 14, wherein the extracted selective information is a grease value.
19. The method of claim 18 wherein the network packet is intercepted by a network tap device and received by the device from the network tap device.
20. The method of claim 18 wherein the network packet is a Transport Layer Security (TLS) client hello packet.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
December 4, 2019
October 22, 2024
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.